Bank says application whitelisting is answer for AV blues

The CIO-level business angle on the latest tech

Many companies have a love-hate relationship with their chosen anti-virus software. On the one hand, the effectiveness rate of even the best AV products is only about 60%, according to AV-comparatives.org, an independent tester of AV software. In addition, such products can degrade system performance on as they scan for viruses and malware. On the other hand, it’s almost inconceivable that any business would operate without anti-virus protection. After all, even a moderately effective tool is better than nothing at all.

But if you talk to Louise Dube, assistant vice president of IT and eBanking at Connecticut River Bank, she’ll tell you that she ditched her AV software almost five years ago in favor of application whitelisting and has never had a virus infection since.

Connecticut River Bank has about 125 employees and eleven branches, mostly in small towns in New Hampshire and Vermont. Dube’s IT department is small, and she needed to get better control over the desktop configurations. For one thing, too much time was spent maintaining the AV software on all the workstations. Plus, some departments were installing their own software, which led to reactive troubleshooting when things went wrong. “Technology was changing so quickly it was hard to keep control over our desktops,” says Dube.

Then a small company named Savant Protection contacted Dube and asked if she would test its new whitelisting product. “I figured I had nothing to lose,” she says, “so I gave it a try. Our bank was a very early adopter of the Savant software. The developers basically designed the product to meet our needs.” Dube had never heard of application whitelisting but it sounded like something that would solve some of her biggest support problems.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Many companies have a love-hate relationship with their chosen anti-virus software. On the one hand, the effectiveness rate of even the best AV products is only about 60%, according to AV-comparatives.org, an independent tester of AV software. In addition, such products can degrade system performance on as they scan for viruses and malware. On the other hand, it’s almost inconceivable that any business would operate without anti-virus protection. After all, even a moderately effective tool is better than nothing at all.

But if you talk to Louise Dube, assistant vice president of IT and eBanking at Connecticut River Bank, she’ll tell you that she ditched her AV software almost five years ago in favor of application whitelisting and has never had a virus infection since.

Connecticut River Bank has about 125 employees and eleven branches, mostly in small towns in New Hampshire and Vermont. Dube’s IT department is small, and she needed to get better control over the desktop configurations. For one thing, too much time was spent maintaining the AV software on all the workstations. Plus, some departments were installing their own software, which led to reactive troubleshooting when things went wrong. “Technology was changing so quickly it was hard to keep control over our desktops,” says Dube.

Then a small company named Savant Protection contacted Dube and asked if she would test its new whitelisting product. “I figured I had nothing to lose,” she says, “so I gave it a try. Our bank was a very early adopter of the Savant software. The developers basically designed the product to meet our needs.” Dube had never heard of application whitelisting but it sounded like something that would solve some of her biggest support problems.

Dube’s team installed the Savant software on all desktops. During installation, the Savant client scans the system drives to identify the existing executables and other files that access the CPU.  For each file it identifies, Savant generates a unique key that it permanently assigns to that file on that specific device.  The keys are encrypted and stored locally.  From that point on, any new executable that does not have a key assigned to it cannot run.  So, for example, if malware code does make its way onto the device, it simply dies on the vine because it doesn’t have a key to run.

This also prevents end users from installing software that hasn’t been pre-authorized by the IT department. Dube says this has helped open up communications between IT and the bank’s upper management. “Now we all discuss the need to have a specific application on a workstation. It gives us complete control to lock down the devices.”

Of course, there are times when Dube wants the workstations to be updated with software without human intervention. For example, when Windows patches are issued, or when updates to the bank’s loan documentation software are issued. Savant allows trusted agents to make changes to the workstation software and to add the new executables to the whitelist.

Linda Musthaler is a principal analyst with Essential Solutions Corporation.